Comment 21 for bug 1921494

Matthias Winkler (snakekick) wrote :

Hello Rex,
for me the solution was to change the LDAP TLS cipher parameter.
You can easily check it by disabling ldap_tls_cipher_suite. After this the connection works for me.
After a while of searching I found that Ubuntu or sssd changed the SSL tool or its parameters.

OpenSSL is not used anymore (like Red Hat); GnuTLS is used (or its parameters).

When I use a GnuTLS parameter I can connect to our domain:
ldap_tls_cipher_suite = NORMAL
If you want it more specific you can use something like this (if it fits your domain settings):
ldap_tls_cipher_suite = NONE:+VERS-TLS-ALL:+AES-256-GCM:+SIGN-ALL:+COMP-NUL
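
Added example, not part of the comment above and not sssd's own code: a heuristic check that reads an sssd.conf and reports whether each `ldap_tls_cipher_suite` value looks like an OpenSSL cipher list or a GnuTLS priority string, which is the mismatch the comment describes. The sample config, the domain names and the `HIGH:MEDIUM` value are constructed; the keyword sets are assumptions and not exhaustive.

```python
import configparser

# First tokens GnuTLS documents as priority-string keywords.
GNUTLS_KEYWORDS = {"NORMAL", "NONE", "PERFORMANCE", "LEGACY", "PFS",
                   "SECURE128", "SECURE192", "SECURE256",
                   "SUITEB128", "SUITEB192"}
# Tokens typical of an OpenSSL cipher list (heuristic, not exhaustive).
OPENSSL_KEYWORDS = {"DEFAULT", "HIGH", "MEDIUM", "LOW", "ALL", "aNULL", "eNULL"}
OPENSSL_PREFIXES = ("ECDHE-", "DHE-", "AES", "TLSv1", "EECDH", "EDH")

def classify(value):
    """Guess which TLS library's syntax a cipher setting is written in."""
    tokens = [t.strip() for t in value.split(":") if t.strip()]
    if not tokens:
        return "unknown"
    if tokens[0] in GNUTLS_KEYWORDS:
        return "gnutls"
    for tok in tokens:
        name = tok.lstrip("!+-")
        if name in OPENSSL_KEYWORDS or name.startswith(OPENSSL_PREFIXES):
            return "openssl"
    return "unknown"

def audit(conf_text):
    """Return (section, value, style) for every ldap_tls_cipher_suite set."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    found = []
    for section in cp.sections():
        value = cp[section].get("ldap_tls_cipher_suite")
        if value is not None:
            found.append((section, value, classify(value)))
    return found

# Constructed sample sssd.conf; domain names are placeholders.
SAMPLE = """\
[sssd]
domains = old.example, new.example

[domain/old.example]
ldap_tls_cipher_suite = HIGH:MEDIUM

[domain/new.example]
ldap_tls_cipher_suite = NONE:+VERS-TLS-ALL:+AES-256-GCM:+SIGN-ALL:+COMP-NUL
"""

if __name__ == "__main__":
    for section, value, style in audit(SAMPLE):
        print(f"{section}: {style:8} {value}")
```

The check only identifies the syntax of the configured value; which TLS library the host's LDAP client is actually built against still has to be confirmed on that host.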